Description

Subscribe to OSC on a 4.12 cluster

Steps to reproduce

1. Go to operator hub
2. install OSC any channel
3.

Expected result

oc get pod to show the controller-manager-xxx get created by the deployment

Actual result

oc get deploy controller-manager -o yaml shows

 message: 'pods "controller-manager-56bb58b774-rrx26" is forbidden: violates PodSecurity
      "restricted:latest": allowPrivilegeEscalation != false (container "manager"
      must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities
      (container "manager" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot
      != true (pod or container "manager" must set securityContext.runAsNonRoot=true),
      seccompProfile (pod or container "manager" must set securityContext.seccompProfile.type
      to "RuntimeDefault" or "Localhost")'
    reason: FailedCreate

Impact

Cannot subscribe to the OSC operator

Cannot create kataconfig

Env

4.12 nightly cluster

 oc get catsrc -n openshift-marketplace redhat-operators -o yaml:

  image: registry.redhat.io/redhat/redhat-operator-index:v4.11

Things are working on a 4.11 cluster

Additional helpful info

<logs, screenshot, doc links, etc.>